Hello, I'm pretty new to this but I would like to know if there is the possibility to drop one document in a logstash configuration file if the timestamp is similar to a previous one processed.
For example, I would like to index documents every second and discard all the following that are coincident in seconds but differ in miliseconds, or that ar equal in minutes but differ in seconds.
So if I received 100 network packages in 1 second, only index the first one and drop the rest.
Thank you.
You could use a throttle filter to tag the events and then drop them if they are tagged.
Hi, I'm still playing with parameters to get the results that I want, but it was what I was looking for.
Thanks a lot.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.